Dev0ops hints

Comments

  • Hi All,

    I have obtained the user.txt. I am stuck on the next steps. I have read a few log files but am still not sure how to progress. Are there any hints? I tried to read all the posts here but am still not able to figure it out.

    Thank you

  • Total n00b here and I need my hand held for this one. Been working for a couple of days on this. Thanks.

  • edited September 2018

    Hi All,

    I don't find the injection point for the upload file, can you give me some hints?
    There are only 2 pages but I don't see anything

  • @evilcall said:
    Hi All,

    I don't find the injection point for the upload file, can you give me some hints?
    There are only 2 pages but I don't see anything

    It's in front of you bro, just read what all is written on the '2 pages' you found.

    TheLegend

  • @drywaterv2 said:
    This machine requires XML knowledge doesn't it?

    I don't think so, I didn't have any knowledge when I did the machine.

    Google bro, it has the answer to almost everything

    TheLegend

  • @meowzilla said:
    Hi All,

    I have obtained the user.txt. I am stuck on the next steps. I have read a few log files but am still not sure how to progress. Are there any hints? I tried to read all the posts here but am still not able to figure it out.

    Thank you

    You know, when I don't find anything, poking around in all the folders that I have access to helps :wink:

    TheLegend

  • edited September 2018

    But maybe the feed.py file is available on the internet and I need to look at the source code?

  • @evilcall said:
    But maybe the feed.py file is available on the internet and I need to look at the source code?

    No need for all that, try a different approach.

    --Skunkfoot

  • I have tried everything I know. Are there some parameters to guess in the GET request?

  • edited September 2018

    @9999volts said:
    Oh, i got something :) TY GreysMatter

  • Finally got it! Nice box, thank you for this one! Went down multiple wrong routes, but I learned a lot along all those ways. Enumeration still teaches a lot to a newbie like me. :)

  • edited September 2018

    DAMIT

  • edited September 2018

    Can I have a PM with a hint to get priv esc? Thx! (I got the r*a.)
    Solved! "Back in time in DevOps mode"

  • Can anyone let me know if "internal server error" is indicative of a goosed box or just poor formatting of what I'm posting?

    Tried lots of formats and I see GET requests come back to me, but never the info I ask for... :|

  • edited September 2018

    @Phrenesis2k said:

    @HackingSnake said:
    I'm still at the beginning, found a page on a port. I'm trying to enumerate with dirbuster but it gives me some errors, am I on the wrong track?

    For some reason dirbuster failed for me as well. Try dirb

    Having problems with dirb, I get a "Calculating NOT_FOUND code..."

    edit: any suggestion on which wordlist to use?

  • If someone needs help with an initial foothold, PM me

    DeepBlue5

  • Stuck on the XML, can't escalate it further.. any hint..?

  • Amazing box @lokori! Really enjoyed the user, a bit too obvious for root but it was very fun. Great Box! :+1:

  • > @sakyb said:
    > Stuck on the XML, can't escalate it further.. any hint..?

    What files/folders can you read? What would be great to read from a user directory?

    jamesa

  • Hi all,

    Is there anyone I could PM? I've got user.txt, I've got shell access but am really struggling to get root.txt. I've trawled through logs, through code, through config files, etc.

    Thanks

    P0e

  • Hey guys, can someone PM me? I got the user flag, I'm having issues getting a shell. I have r*a but it's giving me an invalid format error despite validating it and getting a thumbprint from it. I've been at this for a few days now and it's killin me

  • How to connect with uPnP/5000 port, exploit?

  • @n3gz404 said:
    Hey guys, can someone PM me? I got the user flag, I'm having issues getting a shell. I have r*a but it's giving me an invalid format error despite validating it and getting a thumbprint from it. I've been at this for a few days now and it's killin me

    Message me, I've got shell

  • I believe I've found the priv esc vector, however I can't seem to execute commands. Would love to have a chat, figure out where I'm going wrong if someone is kind enough.

    Cheers!

  • @jamesa said:

    I am unable to read a file from the server... what payload can I use in my XML..? Help!

  • edited September 2018

    Well, it's time to give up. I've got user.txt, can read some files and can see the past (basics), but I definitely don't know how to use this information. Please, PM me a hint.
    UPD: Got it by myself! :)

  • I really enjoyed this one, very "addictive" machine indeed.

    Thanks to @lokori !

  • Rooted - great box, PM me for hints

  • Fun box! All I can say is remember, keep it simple stupid

  • rooted, pm me for hints
